AirMason

In this article, we'll be referencing this URL at a couple of places. You can figure out what to use there by going to Manage Organization &gt; Employee Portal

If you've got custom domain setup on AirMason - then your Employee Portal URL will be your custom domain (Eg: handbooks.johnsmithweb.com) - otherwise it will be books.airmason.com/&lt;company-handle&gt;, where &lt;company-handle&gt; is company handle that you've set up. (Eg: books.airmason.com/johnsmith)

___________________________________________________________

Setting up AirMason app on CyberArk:

In your Identity User portal select “Admin Portal”

Click “Add web apps” and select custom tab and click SAML.

Select the Trust tab, paste the following URL: ​https://{{AirMason’s dedicated Employee portal URL}}/saml2/cyberark/metadata ​

After that, go to the SAML Response tab, add the required attributes for data mapping.

Click on the Trust tab and retrieve the following information: ​

1. In your Identity User portal select “Admin Portal”
2. Click “Web apps”
3. Click “Add web apps” and select custom tab and click SAML.
4. Name the App in the settings tab
5. Select the Trust tab, paste the following URL: ​https://{{AirMason’s dedicated Employee portal URL}}/saml2/cyberark/metadata ​
6. After that, go to the SAML Response tab, add the required attributes for data mapping.

7. Click on the Trust tab and retrieve the following information: ​
 
 1. Trust URL 
 2. Metadata file
 1.

Connecting CyberArk SSO app to AirMason:

Under your newly created CyberArk app, go to “SignOn” tab and then click on “View Setup Instructions” and copy the following fields: 1.1. Identity Provider Issuer 1.2. Single Sign-On URL 1.3. X.509 Certificate

Now, login to airmason.com and go to <a href="https://admin.airmason.com/integrations/" rel="nofollow noopener noreferrer" target="_blank">Integrations</a> page

Select CyberArk app from SSO applications and click on Connect and set the following params: 3.1. Issuer URL as Identity Provider Issuer value from Step 1.1. 3.2. SAML 2.0 Endpoint as Single Sign-On URL value from Step 1.2. 3.3. Certificate as X.509 Certificate value from Step 1.3.

1. Under your newly created CyberArk app, go to “SignOn” tab and then click on “View Setup Instructions” and copy the following fields: 1.1. Identity Provider Issuer 1.2. Single Sign-On URL 1.3. X.509 Certificate
2. Now, login to airmason.com and go to <a href="https://admin.airmason.com/integrations/" rel="nofollow noopener noreferrer" target="_blank">Integrations</a> page
3. Select CyberArk app from SSO applications and click on Connect and set the following params: 3.1. Issuer URL as Identity Provider Issuer value from Step 1.1. 3.2. SAML 2.0 Endpoint as Single Sign-On URL value from Step 1.2. 3.3. Certificate as X.509 Certificate value from Step 1.3.

Testing CyberArk SSO as employee:

Go to your Employee Portal URL. It should show you login page for viewing your handbooks

It should take you to login using CyberArk SSO credentials (if you are not logged in)

Once you log in, it should bring you back to AirMason and you should be able to view handbooks you've access to (similar to what is shown below).

1. Go to your Employee Portal URL. It should show you login page for viewing your handbooks
2. Click on "Login with CyberArk"
3. It should take you to login using CyberArk SSO credentials (if you are not logged in)
4. Once you log in, it should bring you back to AirMason and you should be able to view handbooks you've access to (similar to what is shown below).